Hi mAL
Here are the posts.
FRST post:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by Administrator1 (administrator) on TOSHIBA (TOSHIBA SATELLITE PRO C50-A-1KH) (31-08-2019 21:30:29)
Running from C:\Users\Administrator1\Desktop
Loaded Profiles: Administrator1 (Available Profiles: Administrator1 & Pietro & Rahil & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [996192 2013-05-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [293760 2013-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-29] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2013-10-11] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [DTS Sound] => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe [1471296 2013-06-01] (DTS, Inc. -> DTS, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-17] (Alcor Micro Corp.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Drivers32: [vidc.H264] => C:\Windows\SysWOW64\TH264Codec.dll [356352 2012-11-12] (TDP5) [File not signed]
HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\Mpg4c32.dll [413760 2012-11-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\Mpg4c32.dll [413760 2012-11-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.MP43] => C:\Windows\SysWOW64\Mpg4c32.dll [413760 2012-11-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.TVTA] => C:\Windows\SysWOW64\TVTACodec.dll [90112 2012-11-12] (tvt) [File not signed]
HKLM\...\Drivers32: [VIDC.TVTX] => C:\Windows\SysWOW64\TVTXTDEC.DLL [282624 2012-11-12] (tvt) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\XVIDVFW.DLL [114688 2012-11-12] (tvt) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{3AFF1C30-4959-4c2f-8BED-E6E81E39F57A}] -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtCp.dll [2012-02-02] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2019-07-15]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {073279F4-799C-4F07-96EE-2BE10C720FAE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {090B8C91-D5C6-48DE-A9EC-F6A1D3B8955C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {146333AA-166F-4CBE-956A-BDF9B888674D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-24] (Google Inc -> Google Inc.)
Task: {2FE6EA4F-8EF6-4454-AD92-F7121A71B652} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-24] (Google Inc -> Google Inc.)
Task: {3C37FED5-BE30-462C-91A0-8984D3E48477} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117296 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {417E333C-16B5-4A70-8AA4-8B373A654AE1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {4807DA5E-23F6-494E-9DC9-53F288DB48A0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428624 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {499CB95E-D5F8-4106-88E7-E48B898D322F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1569912 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4AF96650-A8E5-4460-9181-4F46AF77A17E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117296 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BBFE095-9051-4C2A-B878-762E9D8E2F06} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E05F8A2-7A76-46C9-A643-561B50E681F3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-17] (Adobe Inc. -> Adobe)
Task: {5EC73ED3-350E-490E-BA00-D5048E923C2E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2136B53-4922-464B-8841-BCF9E8475611} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-17] (Adobe Inc. -> Adobe)
Task: {B52D0FF5-BF38-45F2-B2C9-D2990C72BC37} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {B6A1C5CB-B095-48A6-B1F5-2D4FDD7059EF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {C58BD3E8-91DF-49D8-B29B-F5C6612F576A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {CE6EAAA2-FB84-41D9-9DD6-815F64C0F9CD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428624 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4D779444-73DC-46D2-BB79-D871AC6C29CF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{78BDAA79-C3A1-4667-8655-49D6221C5566}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_b
SearchScopes: HKU\S-1-5-21-2246960787-3754121387-607372831-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://192.168.0.220/WebClient.exe
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FireFox:
========
FF DefaultProfile: d38hhm6w.default-1566943191455
FF ProfilePath: C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\jv6yb4nm.default-release-1567124582797 [2019-08-31]
FF DownloadDir: C:\Users\Administrator1\Desktop
FF ProfilePath: C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\d38hhm6w.default-1566943191455 [2019-08-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-17] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-17] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default [2019-08-29]
CHR Extension: (Slides) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-12]
CHR Extension: (Docs) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-12]
CHR Extension: (Google Drive) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Sheets) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (IE Tab) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2019-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-12]
CHR Extension: (Gmail) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568224 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-06-01] (DTS, Inc. -> )
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] (PEGATRON CORPORATION -> )
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [92792 2007-11-06] (CACE TECHNOLOGIES, LLC -> CACE Technologies)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmUStor; C:\windows\System32\drivers\AmUStor.SYS [118184 2018-05-14] (Alcorlink Corp. -> )
R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [37320 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [209256 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [263224 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [206056 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [61688 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [279336 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42504 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [168896 2019-08-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [112520 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [88160 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1030784 2019-08-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [477288 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [225816 2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [387688 2019-08-13] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\windows\System32\DRIVERS\athrx.sys [4022272 2013-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [275232 2019-08-31] (Malwarebytes Corporation -> Malwarebytes)
S3 NPF; C:\windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE TECHNOLOGIES, LLC -> CACE Technologies)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-03] (Synaptics Incorporated -> Synaptics Incorporated)
R3 STHDA; C:\windows\System32\DRIVERS\stwrt64.sys [546304 2013-04-25] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-31 21:30 - 2019-08-31 21:30 - 000000000 ____D C:\Users\Administrator1\Desktop\FRST-OlderVersion
2019-08-31 20:18 - 2019-08-31 20:18 - 000275232 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2019-08-31 10:20 - 2019-08-31 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strumenti di Microsoft Office
2019-08-29 22:29 - 2019-08-29 22:29 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-29 22:29 - 2019-08-29 22:29 - 000000895 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-08-29 22:29 - 2019-08-29 22:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-08-29 22:29 - 2019-08-29 22:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-27 22:59 - 2019-08-30 01:23 - 000000000 ____D C:\Users\Administrator1\Desktop\Old Firefox Data
2019-08-27 22:55 - 2019-08-27 22:55 - 000000000 ____D C:\Users\Rahil\AppData\Roaming\Mozilla
2019-08-27 22:55 - 2019-08-27 22:55 - 000000000 ____D C:\Users\Rahil\AppData\LocalLow\Mozilla
2019-08-27 22:55 - 2019-08-27 22:55 - 000000000 ____D C:\Users\Rahil\AppData\Local\Mozilla
2019-08-27 22:54 - 2019-08-27 22:54 - 000157106 _____ C:\Users\Pietro\Desktop\bookmarks-2019-08-27 Pietro.json
2019-08-27 22:51 - 2019-08-27 22:51 - 000023720 _____ C:\Users\Administrator1\Desktop\bookmarks-2019-08-27 Admin.json
2019-08-21 00:37 - 2019-08-21 00:39 - 000001826 _____ C:\Users\Administrator1\Desktop\Fixlog.txt
2019-08-20 00:56 - 2019-08-20 00:56 - 000001230 _____ C:\Users\Administrator1\Desktop\MBAM Log.txt
2019-08-20 00:37 - 2019-08-20 00:37 - 000002246 _____ C:\Users\Administrator1\Desktop\Tweaking.com - Registry Backup.lnk
2019-08-20 00:37 - 2019-08-20 00:37 - 000000000 ____D C:\RegBackup
2019-08-20 00:34 - 2019-08-20 00:34 - 005766144 _____ (Tweaking.com) C:\Users\Administrator1\Desktop\tweaking.com_registry_backup_setup.exe
2019-08-19 02:39 - 2019-08-31 10:20 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002412 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-08-19 02:39 - 2019-08-31 10:20 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-08-17 10:39 - 2019-08-17 10:41 - 000034095 _____ C:\Users\Administrator1\Desktop\Addition.txt
2019-08-17 10:33 - 2019-08-31 21:35 - 000023706 _____ C:\Users\Administrator1\Desktop\FRST.txt
2019-08-17 10:32 - 2019-08-31 21:30 - 000000000 ____D C:\FRST
2019-08-17 10:31 - 2019-08-20 00:36 - 000001328 _____ C:\Users\Administrator1\Desktop\post.txt
2019-08-17 10:27 - 2019-08-31 21:30 - 001615360 _____ (Farbar) C:\Users\Administrator1\Desktop\FRST64.exe
2019-08-13 19:44 - 2019-08-13 19:44 - 000001838 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-13 19:44 - 2019-08-13 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-13 19:44 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2019-08-13 07:39 - 2019-08-31 09:27 - 000212992 _____ C:\windows\system32\ClickToRun_Pipeline16
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-31 21:30 - 2016-11-17 00:16 - 000000000 ____D C:\Users\Administrator1\AppData\LocalLow\Mozilla
2019-08-31 21:22 - 2017-04-16 00:50 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2019-08-31 20:53 - 2015-09-06 15:40 - 000000000 ____D C:\Users\Pietro\Documents\Sport
2019-08-31 20:51 - 2016-11-18 21:41 - 000000000 ____D C:\Users\Pietro\AppData\LocalLow\Mozilla
2019-08-31 20:26 - 2009-07-14 05:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-31 20:26 - 2009-07-14 05:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-31 20:18 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-08-31 10:25 - 2013-10-11 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-31 10:19 - 2013-10-11 23:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-08-29 22:26 - 2015-11-24 15:53 - 000000000 ____D C:\Users\Administrator1\AppData\Local\IE Tab
2019-08-27 22:47 - 2015-11-24 15:52 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-27 22:47 - 2015-11-24 15:52 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-25 19:17 - 2009-07-14 06:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2019-08-25 19:17 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2019-08-25 01:06 - 2017-04-19 22:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-24 22:05 - 2015-11-26 03:02 - 000000000 ____D C:\Users\Pietro\AppData\Local\IE Tab
2019-08-21 00:42 - 2015-11-26 01:37 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-08-21 00:38 - 2009-07-14 04:20 - 000000000 ___HD C:\windows\system32\GroupPolicy
2019-08-21 00:38 - 2009-07-14 04:20 - 000000000 ____D C:\windows\SysWOW64\GroupPolicy
2019-08-20 00:37 - 2017-04-09 16:19 - 000053291 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
2019-08-17 10:48 - 2018-03-14 22:48 - 000004478 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-08-17 10:48 - 2017-04-19 23:02 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-08-17 10:48 - 2017-04-19 23:02 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-17 10:48 - 2017-04-19 23:02 - 000004324 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2019-08-17 10:48 - 2013-10-11 22:58 - 000000000 ____D C:\windows\SysWOW64\Macromed
2019-08-17 10:48 - 2013-10-11 22:58 - 000000000 ____D C:\windows\system32\Macromed
2019-08-13 19:56 - 2017-04-19 22:44 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-13 19:46 - 2014-09-06 16:02 - 000000000 ____D C:\ProgramData\TEMP
2019-08-13 19:46 - 2014-09-06 16:02 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-08-13 19:34 - 2018-06-22 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-13 19:19 - 2019-07-04 23:21 - 000168896 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2019-08-13 19:19 - 2017-04-16 00:50 - 001030784 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2019-08-13 19:19 - 2017-04-16 00:50 - 000387688 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2019-08-13 07:45 - 2009-07-14 04:20 - 000000000 ____D C:\windows\system32\NDF
2019-08-13 00:30 - 2014-09-04 00:42 - 000000000 ____D C:\Users\Pietro\AppData\Local\CutePDF Writer
==================== FLock ================
2013-12-06 12:52 C:\windows\CSC
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-04-18 22:10
==================== End of FRST.txt ============================
ADDITION post:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by Administrator1 (31-08-2019 21:35:44)
Running from C:\Users\Administrator1\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-21 18:53:52)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2246960787-3754121387-607372831-500 - Administrator - Disabled)
Administrator1 (S-1-5-21-2246960787-3754121387-607372831-1000 - Administrator - Enabled) => C:\Users\Administrator1
Guest (S-1-5-21-2246960787-3754121387-607372831-501 - Limited - Disabled) => C:\Users\Guest
Pietro (S-1-5-21-2246960787-3754121387-607372831-1001 - Limited - Enabled) => C:\Users\Pietro
Rahil (S-1-5-21-2246960787-3754121387-607372831-1007 - Limited - Enabled) => C:\Users\Rahil
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.238 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Alcor Micro USB Card Reader (HKLM-x32\...\{F08E6C0F-EF66-4E9B-B220-747F99FE0C15}) (Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ControlCenter (HKLM-x32\...\{E5EDA1E6-5FDD-4B29-8399-6022B81C3A7C}) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DTS Sound (HKLM-x32\...\{791692AD-63B2-4A87-A097-4E8DD3CE4BC9}) (Version: 1.00.0079 - DTS, Inc.)
Filzip 3.06 (HKLM-x32\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
H264 Video Codec (HKLM-x32\...\H264) (Version: - T,DP5)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3293 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
iTunes (HKLM\...\{74291031-84BA-4A01-9B8A-1C17CDFB820D}) (Version: 12.9.2.6 - Apple Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11929.20254 - Microsoft Corporation)
Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.11929.20254 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
NVMS-1000 (HKLM-x32\...\{706F1178-8CDB-45E5-B05F-D1950D9D17DF}) (Version: 2.0.0.2 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Sculptris Alpha 6 (HKLM-x32\...\Sculptris Alpha 6 Alpha 6) (Version: Alpha 6 - Pixologic)
Skype version 8.50 (HKLM-x32\...\Skype_is1) (Version: 8.50 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA Battery Manager (HKLM\...\{D7C7641F-0C96-4635-BFE1-29EBB3B05CC8}) (Version: 9.0.0.64 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.12 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.23.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.01.6402 - Toshiba Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0029 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.14 - TOSHIBA)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.0.6402 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.0.6404 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0011 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.1.6401 - Toshiba Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WebClient (HKLM-x32\...\WebClient) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.0.2 (HKLM-x32\...\WinPcapInst) (Version: 4.0.0.1040 - CACE Technologies)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [Filzip] -> {B28C18DB-6816-4F31-9630-397683E3C2C3} => C:\Program Files (x86)\Filzip\fzshext.dll [2004-09-08] () [File not signed]
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6-x32: [Filzip] -> {B28C18DB-6816-4F31-9630-397683E3C2C3} => C:\Program Files (x86)\Filzip\fzshext.dll [2004-09-08] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) ==============
2013-12-06 13:17 - 2013-08-15 23:34 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2015-12-03 01:51 - 2015-12-03 01:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\AppVIsvSubsystems32.dll
2015-12-03 01:51 - 2015-12-03 01:51 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\c2r32.dll
2011-12-15 00:04 - 2011-12-15 00:04 - 000150016 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\TPHM\TPCHCTL.dll
2011-12-15 00:03 - 2011-12-15 00:03 - 000109568 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\TPHM\TPCHMui.dll
2011-12-15 00:03 - 2011-12-15 00:03 - 000259584 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\TOSHIBA\TPHM\TReport.dll
2013-06-19 02:51 - 2013-06-19 02:51 - 000057344 _____ (TOSHIBA CORPORATION.) [File not signed] C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll
2013-03-08 00:02 - 2013-03-08 00:02 - 000202752 _____ (TOSHIBA CORPORATION.) [File not signed] C:\windows\System32\tbtmon.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [252]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2019-01-05 18:58 - 000000036 _____ C:\windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{ED0E5E14-C822-4331-B83C-081848F6852C}] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
FirewallRules: [{0DCF30F8-9976-4A13-A374-9F14D32AC006}] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
FirewallRules: [{D654BC83-80E5-41CD-B365-6BAED47921CD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{77A4AEF1-83CE-43FD-B9AE-6DA6288B2E18}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe No File
FirewallRules: [{1F631B2B-5D98-401B-976B-85A785D1C9A5}] => (Allow) C:\Users\Administrator1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{E776AB36-B620-4A00-8133-20441BBA7901}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1CDA2465-3886-4465-B515-6F0D6CEE8C3D}] => (Allow) LPort=2869
FirewallRules: [{A0BDDE8A-B7FE-4778-AFA6-EAE70D2C5B58}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{CE306CA1-5DC0-4815-8C6F-45808F475E70}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe (TVT) [File not signed]
FirewallRules: [UDP Query User{19313C13-F158-455E-901A-FB144D55676F}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe (TVT) [File not signed]
FirewallRules: [TCP Query User{18B3C83B-AE60-4FBD-9F43-9B4D13A1AB72}C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe () [File not signed]
FirewallRules: [UDP Query User{02A0693B-0043-41A4-99DB-429F45DD13A7}C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe () [File not signed]
FirewallRules: [{D560366C-E366-4326-8512-F1FF7B390939}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{37ED6C6D-9F64-4C18-9211-F0F6FA5C2B90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A8AABE8D-A824-4343-A84B-F3BB9DACECE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE8AD0C8-466D-41DD-BB34-D9FAB89EE781}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F70F35E-0D60-48EC-A4A2-4B26F1623C84}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{54741927-6956-4A68-BB12-0DA3CE628E5D}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F3C9541-5E7C-4D94-A3F9-BA0B957F40BF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D3A1028E-5E31-4C2D-B7EC-8A2A22394DAA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C641760E-FFE7-4099-B886-9D7A18643525}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BCC40A2E-A4D2-426A-BA08-F32F83E8F8E6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B9B6CA7D-517D-4D15-8557-E0442AE564C7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CF1414A9-2D56-400D-9641-AA0999A2BB14}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
16-06-2019 17:01:21 Windows Update
24-06-2019 02:44:49 Windows Update
10-07-2019 23:27:45 Windows Update
21-08-2019 00:37:55 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/31/2019 08:18:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/31/2019 10:26:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/31/2019 09:27:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/30/2019 07:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/29/2019 10:33:56 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
Error: (08/29/2019 10:23:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/29/2019 10:15:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/29/2019 07:42:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (08/31/2019 09:20:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (08/29/2019 10:17:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/29/2019 10:17:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
Error: (08/29/2019 07:40:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/29/2019 07:40:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avast Antivirus service to connect.
Error: (08/29/2019 07:39:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:46:12 on 29/08/2019 was unexpected.
Error: (08/28/2019 10:49:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audio Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/28/2019 10:49:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Audio Service service to connect.
Windows Defender:
===================================
Date: 2014-09-27 23:54:54.460
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{EFB0E6BC-BF83-4EAC-8611-3D60304AC533}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
CodeIntegrity:
===================================
Date: 2016-08-13 17:06:13.988
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-13 17:06:13.894
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-23 00:59:45.944
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-23 00:59:45.648
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-21 23:27:26.038
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-21 23:27:25.788
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-20 22:09:58.100
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-07-20 22:09:57.804
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: TOSHIBA 1.40 08/19/2014
Motherboard: TOSHIBA PT10S
Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 86%
Total physical RAM: 4008.05 MB
Available physical RAM: 555.78 MB
Total Virtual: 8014.25 MB
Available Virtual: 4443.44 MB
==================== Drives ================================
Drive c: (TI31224900A) (Fixed) (Total:453.87 GB) (Free:356.36 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{cd4b7444-5e6c-11e3-82f1-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 628BBA91)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)
==================== End of Addition.txt ============================